Intelligent Tech Channels Issue 32 | Page 65

FINAL WORD The current pandemic has highlighted the need for channel partners to continue to leverage their relations with their customers for a healthy partner ecosystem. What is the current cyberthreat landscape in the UAE? The cyberthreat landscape in the United Arab Emirates (UAE) is rapidly evolving, with cybercriminals increasingly targeting people rather than infrastructure. In fact, Proofpoint’s recent survey of CISOs and CSOs in the region revealed that 82% of UAE organisations suffered at least one cyberattack in 2019. Over half (51%) reported multiple incidents and almost a third (31%) experienced one. From email-based threats, such as Business Email Compromise attacks (BEC), to compromising cloud accounts and debilitating ransomware attacks, cybercriminals are aware that employees can easily be tricked. Using social engineering attacks, cybercriminals can steal credentials, siphon sensitive data and fraudulently transfer funds. Employees across all job levels and functions can put your business at risk in numerous ways, from using weak passwords and sharing credentials to clicking on malicious links and downloading unauthorised applications. To address this, organisations must consider how often they are being targeted, the risks these attacks pose and how prepared they – and, more importantly, their workforce – are. Employee education and security awareness is often the difference between an attempted cyberattack and a successful one. How much of a target are emails and why, and what threats are introduced via email? Email is and will remain the initial threat vector of choice for most actors. Email-based threats are among the oldest, most pervasive and widespread cybersecurity threats hitting organisations worldwide. From massive malware campaigns targeting millions of recipients with banking Trojans to carefully crafted email fraud, the email threat landscape is extremely diverse, creating a wide range of opportunities for threat actors to attack organisations. More importantly, email allows threat actors to attack individuals within an organisation, a far more lucrative and effective approach than targeting infrastructure. These threats must continuously grow in sophistication as humans become better at detecting them over time. Credentials are often phished via email – a method of attack that remains alarmingly effective. Cybercriminals are increasingly using compromised credentials to access email accounts, sensitive information and corporate systems. Proofpoint research found that account compromise was in fact the leading method of cyberattack in the UAE in 2019, impacting 28% of companies, followed by credential phishing (20%) and insider threats (17%). Phishing and impersonation attacks/ Business Email Compromise (BEC) attacks accounted for 15% each amongst the organisations targeted last year. In line with this, email fraud via Business Email Compromise (BEC), in which an attacker gains access to an email account and spoofs its owner, is on the rise globally – and is now being described as one of the most expensive threats on the cyber landscape. In fact, the latest FBI report estimates total worldwide losses as a result of BEC at US$1.7bn in 2019. Evidently, the threat outlook is fastevolving and we will continue to witness cybercriminals trying to gain foothold and steal sensitive information via emailborne attacks. How important is human behaviour in preventing these types of attacks? Cybercriminals are increasingly targeting people rather than infrastructure. In fact, 99% of cyberattacks require human interaction to be successful. CISOs and CSOs in the UAE recognise this human risk to their organisations, with 39% believing that their employees make their business vulnerable to a cyberattack. Common security errors made by employees according to CSOs and CISOs include poor password hygiene (29%), mishandling sensitive information (25%), falling for phishing attacks (24%) and clicking INTELLIGENT TECH CHANNELS INTELLIGENT TECH CHANNELS Issue 32 65